A path from a name to an object has associated with it a triple.

(X,A,E)

Global Object Name X *Global meaning 'unique' 

Access Name A 

Environment Name E 

A function fp maps a name (N) given in environment E to a global
object name (X), but performs no checks; it is defined solely to map names.

An expanded function Fp(N,A) can be defined which performs fp for
some access and succeeds only if the triple (X,A,E) exists, where X is the
object accessed (via name N), A is the Access attempted, and E is the
Environment from which the access was attempted. This function is the
Enforcement of Protection.

If all possible triples were stored in a matrix a la Lampson, each call
of Fp would check whether the appropriate triple existed and fail or allow
the access. Jones states that such a matrix is impractical and says the
triples may be encoded differently.

1. If each Environment has an associated table of pairs of the form
(X,A) then all triples would exist, divided by Environments. 

2. If each Object has an associated table of pairs of the form (A,E),
then all triples would exist, so divided by Object. 

3. If each Access Name has an associated table of pairs of the form 
(X,E), then all triples would exist, subdivided by Access Names. 

Above are three possible encodings of the triples described earlier. Any 
particular call of Fp uses ONE of the data structures. 
A. If Fp uses (1), it is called Execution Site Enforcement.

B. If Fp uses (2), it is called Object Site Enforcement.

C. If Fp uses (3), it is called Access Site Enforcement.

So the different enforcements listed are defined simply by which particular
data structure the protection information is accessed from.
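
The three encodings and the enforcement function described above, as an added example (not code from Jones or from this report). The object names, access names, environments and name maps are constructed sample data, the environment is passed explicitly instead of being implicit in the call, and denying an unresolvable name is an assumption.

```python
from collections import defaultdict

# Constructed sample data: per-environment name maps and the full triple set.
NAME_MAPS = {
    "E1": {"payroll": "X17", "log": "X42"},
    "E2": {"ledger": "X17"},  # a different local name for the same object
}
TRIPLES = {("X17", "read", "E1"), ("X42", "append", "E1"),
           ("X17", "read", "E2"), ("X17", "write", "E2")}

def fp(name, env):
    """Map a name given in an environment to a global object name; no checks."""
    return NAME_MAPS[env][name]

def encode(triples):
    """Store the same triples three ways: by environment, by object, by access."""
    by_env, by_obj, by_acc = defaultdict(set), defaultdict(set), defaultdict(set)
    for x, a, e in triples:
        by_env[e].add((x, a))  # encoding 1: table of (X,A) per Environment
        by_obj[x].add((a, e))  # encoding 2: table of (A,E) per Object
        by_acc[a].add((x, e))  # encoding 3: table of (X,E) per Access Name
    return {"execution": by_env, "object": by_obj, "access": by_acc}

TABLES = encode(TRIPLES)

def Fp(name, access, env, site):
    """Perform fp, then succeed only if (X,A,E) exists in the ONE table
    selected by `site` (execution, object or access site enforcement)."""
    try:
        x = fp(name, env)
    except KeyError:
        return False  # assumption: a name that does not resolve is denied
    if site == "execution":
        return (x, access) in TABLES[site].get(env, ())
    if site == "object":
        return (access, env) in TABLES[site].get(x, ())
    if site == "access":
        return (x, env) in TABLES[site].get(access, ())
    raise ValueError(f"unknown enforcement site: {site}")

def decisions(name, access, env):
    """Decision of each enforcement site for the same attempted access."""
    return {site: Fp(name, access, env, site) for site in TABLES}
```

Because all three tables are built from the same set of triples, every site returns the same decision for a given attempt; they differ only in which table is consulted.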

Conclusion 

Jones also tried to say that each structure is better for certain 
groupings and not other types of grouping. But any particular grouping,
encoding of lists as she calls it, is 'Policy', a function of Fp which I
thought was something she was trying to avoid. In any case, all she has
done is to come up with three of the possible encodings of the Access 
Triples, and defined functions to use each, thereby departing from her role 
as Modeler, but possibly leading to her role as Comparer. 



